TU Darmstadt / ULB / TUbiblio

DROIDFORCE: Enforcing Complex, Data-Centric, System-Wide Policies in Android

Rasthofer, Siegfried ; Arzt, Steven ; Lovat, Enrico ; Bodden, Eric (2014)
DROIDFORCE: Enforcing Complex, Data-Centric, System-Wide Policies in Android.
In: Proceedings of the International Conference on Availability, Reliability and Security (ARES)
Artikel, Bibliographie

Kurzbeschreibung (Abstract)

Smartphones are nowadays used to store and process many kinds of privacy-sensitive data such as contacts, photos, and e-mails. Sensors provide access to the phone’s physical location, and can record audio and video. While this is convenient for many applications, it also makes smartphones a worthwhile target for attackers providing malicious applications. Current approaches to runtime enforcement try to mitigate unauthorized leaks of confidential data. However, they are often capable of enforcing only a very limited set of policies, like preventing data leaks only within single components or monitoring access only to specific sensitive system resources.

In this work, we present DROIDFORCE, an approach for enforcing complex, data-centric, system-wide policies on Android applications. DROIDFORCE allows users to specify fine-grained constraints on how and when which data may be processed on their phones, regardless of whether the malicious behavior is distributed over different colluding components or even applications. Policies can be dynamically exchanged at runtime and no modifications to the operating system nor root access to the phone are required.

DROIDFORCE works purely on the application level. It provides a centralized policy decision point as a dedicated Android application and it instruments a decentralized policy enforcement point into every target application. Analyzing and instrumenting an application takes in total less than a minute and secured applications exhibit no noticeable slowdown in practice.

Typ des Eintrags: Artikel
Erschienen: 2014
Autor(en): Rasthofer, Siegfried ; Arzt, Steven ; Lovat, Enrico ; Bodden, Eric
Art des Eintrags: Bibliographie
Titel: DROIDFORCE: Enforcing Complex, Data-Centric, System-Wide Policies in Android
Sprache: Englisch
Publikationsjahr: 2014
Titel der Zeitschrift, Zeitung oder Schriftenreihe: Proceedings of the International Conference on Availability, Reliability and Security (ARES)
Kurzbeschreibung (Abstract):

Smartphones are nowadays used to store and process many kinds of privacy-sensitive data such as contacts, photos, and e-mails. Sensors provide access to the phone’s physical location, and can record audio and video. While this is convenient for many applications, it also makes smartphones a worthwhile target for attackers providing malicious applications. Current approaches to runtime enforcement try to mitigate unauthorized leaks of confidential data. However, they are often capable of enforcing only a very limited set of policies, like preventing data leaks only within single components or monitoring access only to specific sensitive system resources.

In this work, we present DROIDFORCE, an approach for enforcing complex, data-centric, system-wide policies on Android applications. DROIDFORCE allows users to specify fine-grained constraints on how and when which data may be processed on their phones, regardless of whether the malicious behavior is distributed over different colluding components or even applications. Policies can be dynamically exchanged at runtime and no modifications to the operating system nor root access to the phone are required.

DROIDFORCE works purely on the application level. It provides a centralized policy decision point as a dedicated Android application and it instruments a decentralized policy enforcement point into every target application. Analyzing and instrumenting an application takes in total less than a minute and secured applications exhibit no noticeable slowdown in practice.

Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > EC SPRIDE
20 Fachbereich Informatik > EC SPRIDE > Secure Software Engineering
Zentrale Einrichtungen
LOEWE
20 Fachbereich Informatik
LOEWE > LOEWE-Zentren
Hinterlegungsdatum: 24 Nov 2014 14:15
Letzte Änderung: 24 Nov 2014 14:15
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen